Hi,
ich habe seit 03.04.2010 eine AntiVir Meldung bezüglich TR/Agent.ruo sie Kahm aus dem nichts. Die Meldung tritt nun häufiger auf und habe jetzt auch schon ein bisschen hier gelesen was zu tun ist. Wäre super wenn ihr mir helfen könnt ! System platt machen ist leider keine alternative...
Wenn ich das richtig verstanden habe geht es mit dem OSAM log los.

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:13:58 on 04.04.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-606747145-1788223648-725345543-1003Core.job" - "Google Inc." - E:\Dokumente und Einstellungen\crizz\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-606747145-1788223648-725345543-1003UA.job" - "Google Inc." - E:\Dokumente und Einstellungen\crizz\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"VLC media player.job" - "the VideoLAN Team" - E:\PROGRA~1\VideoLAN\VLC\vlc.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - E:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - E:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - E:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - E:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"NokiaConnectionManager" - "Nokia" - E:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - E:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"admvo6gk" (admvo6gk) - "Microsoft Corporation" - E:\WINDOWS\system32\drivers\admvo6gk.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - E:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\avipbb.sys
"Changer" (Changer) - ? - E:\WINDOWS\system32\drivers\Changer.sys (File not found)
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - E:\WINDOWS\gdrv.sys
"i2omgmt" (i2omgmt) - ? - E:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - E:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - E:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - E:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - E:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
"Logitech SetPoint KMDF USB Filter" (LUsbFilt) - "Logitech, Inc." - E:\WINDOWS\System32\Drivers\LUsbFilt.Sys
"pci4hdva" (pci4hdva) - "Microsoft Corporation" - E:\WINDOWS\system32\drivers\pci4hdva.sys
"PCIDump" (PCIDump) - ? - E:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - E:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - E:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - E:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - E:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - E:\WINDOWS\System32\Drivers\PxHelp20.sys
"SetPoint Mouse Filter Driver" (LMouKE) - "Logitech, Inc." - E:\WINDOWS\System32\DRIVERS\LMouKE.Sys
"SetPoint PS/2 Mouse Filter Driver" (L8042mou) - "Logitech, Inc." - E:\WINDOWS\System32\DRIVERS\L8042mou.Sys
"sptd" (sptd) - "Duplex Secure Ltd." - E:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - E:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - E:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - e:\WINDOWS\system32\Rundll32.exe e:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - E:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - E:\Programme\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Aktivitäten-Eigenschaftenseite" - "Microsoft Corporation" - E:\Programme\Microsoft IntelliPoint\ipcplact.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - E:\Programme\Microsoft IntelliPoint\ipcplsens.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - E:\Programme\iTunes\iTunesMiniPlayer.dll
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "COWON America" - E:\Programme\JetAudio\JetFlExt.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - E:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Schnurlose Eigenschaften" - "Microsoft Corporation" - E:\Programme\Microsoft IntelliPoint\ipcplwir.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Scrollrad-Eigenschaftenseite" - "Microsoft Corporation" - E:\Programme\Microsoft IntelliPoint\ipcplwhl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - E:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - e:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - e:\WINDOWS\system32\dfshim.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Tasten-Eigenschaftenseite" - "Microsoft Corporation" - E:\Programme\Microsoft IntelliPoint\ipcplbtn.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - E:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"PokerStars" - "PokerStars" - E:\Programme\PokerStars\PokerStarsUpdate.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - E:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"desktop.ini" - ? - E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - E:\Dokumente und Einstellungen\crizz\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - ? - E:\Dokumente und Einstellungen\crizz\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"36X Raid Configurer" - "Gigabyte Technology Corp." - E:\WINDOWS\system32\xRaidSetup.exe boot
"avgnt" - "Avira GmbH" - "E:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint" - "Microsoft Corporation" - "E:\Programme\Microsoft IntelliPoint\ipoint.exe"
"iTunesHelper" - "Apple Inc." - "E:\Programme\iTunes\iTunesHelper.exe"
"JMB36X IDE Setup" - ? - E:\WINDOWS\RaidTool\xInsIDE.exe (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe LM Service" (Adobe LM Service) - ? - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Akamai NetSession Interface" (Akamai) - ? - e:\programme\gemeinsame dateien\akamai\rswin_3648.dll (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - E:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - E:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - E:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - E:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - E:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - E:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - E:\Programme\Java\jre6\bin\jqs.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - E:\WINDOWS\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - E:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - E:\WINDOWS\system32\PnkBstrB.exe (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia." - E:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - E:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - E:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

in einem anderen thread hat cosinus folgende hilfestellung gegeben:

Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM und lass die Datei (falls noch vorhanden)


C:\WINDOWS\system32\drivers\sysann.sys


bei https://www.Virustotal.com auswerten. Bitte dann den Ergebnislink posten.